WPSec is a WordPress security suite that contains some essential security tools for any WordPress site. Featuring a Web Application Firewall, Intrusion Prevention System, Rate Limiter and a number of hardening steps; this plugin leaves you in the best position to combat security threats.

Whilst the WAF can defeat dynamic security threats (even before vulnerabilities have been exposed), the Rate Limiter will prevent scanning attacks and brute force attacks. A number of security patches are also applied to WordPress in a bolt-on fashion to protect a number of attack vectors.

This plugin goes beyond what other WordPress security plugins can offer, by offering dynamic security instead of passive attack prevention measures. This plugin will even protect the WordPress core, themes and plugins by enforcing itself as a priority script in WordPress.

Tech Specs:

Custom Web Application Firewall with customisable ruleset

Comes with 78 Firewall rules

Able to block SQL Injection, XSS, CSRF, Arbitrary Code Execution

Rate Limiter to block brute force attacks

Site wide rate limiting for penetration testing attacks

Bolt-on patches to protect the WordPress core

Protect against vulnerabilities in third-party themes and plugins

Enforces itself as the first loaded plugin and runs scripts before WordPress actions have a chance to kick-in